X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol.c;h=6da4025ada10402cfe5808679696f251c475df72;hb=9d5c9bf6ba74e4e8bbd12b97fdda6c665155fec6;hp=a193933b94c0cb68819184aee32c8a2fe4f8caf2;hpb=4fa12eb85d72f039df5004abc201f01f5573c2e4;p=tinc diff --git a/src/protocol.c b/src/protocol.c index a193933b..6da4025a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.83 2001/02/27 16:37:28 guus Exp $ + $Id: protocol.c,v 1.28.4.85 2001/03/04 13:59:28 guus Exp $ */ #include "config.h" @@ -119,7 +119,7 @@ int receive_request(connection_t *cl) cp if(sscanf(cl->buffer, "%d", &request) == 1) { - if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) + if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) { syslog(LOG_ERR, _("Unknown request from %s (%s)"), cl->name, cl->hostname); @@ -521,7 +521,17 @@ cp RAND_bytes(cl->cipher_outkey, len); - cl->cipher_outkey[0] &= 0x0F; /* Make sure that the random data is smaller than the modulus of the RSA key */ + /* The message we send must be smaller than the modulus of the RSA key. + By definition, for a key of k bits, the following formula holds: + + 2^(k-1) <= modulus < 2^(k) + + Where ^ means "to the power of", not "xor". + This means that to be sure, we must choose our message < 2^(k-1). + This can be done by setting the most significant bit to zero. + */ + + cl->cipher_outkey[0] &= 0x7F; if(debug_lvl >= DEBUG_SCARY_THINGS) { @@ -530,9 +540,14 @@ cp syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); } - /* Encrypt the random data */ + /* Encrypt the random data - if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ + We do not use one of the PKCS padding schemes here. + This is allowed, because we encrypt a totally random string + with a length equal to that of the modulus of the RSA key. + */ + + if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); free(buffer); @@ -1249,7 +1264,7 @@ cp int send_tcppacket(connection_t *cl, vpn_packet_t *packet) { int x; - +cp x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len); if(x) @@ -1263,8 +1278,8 @@ int tcppacket_h(connection_t *cl) vpn_packet_t packet; char *p; int todo, x; - - if(sscanf(cl->buffer, "%*d %hd", packet.len) != 1) +cp + if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1) { syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname); return -1; @@ -1274,7 +1289,7 @@ int tcppacket_h(connection_t *cl) p = packet.data; todo = packet.len; - + while(todo) { x = read(cl->meta_socket, p, todo); @@ -1284,7 +1299,7 @@ int tcppacket_h(connection_t *cl) if(x==0) syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); else - if(errno==EINTR) + if(errno==EINTR || errno==EAGAIN) /* FIXME: select() or poll() or reimplement this evil hack */ continue; else syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); @@ -1296,7 +1311,9 @@ int tcppacket_h(connection_t *cl) p += x; } - return receive_packet(cl, &packet); + receive_packet(cl, &packet); +cp + return 0; } /* Jumptable for the request handlers */